Anti-Money Laundering & Combating the Financing of Terrorism and Illegal Organizations Guidelines for Financial Institutions

 Anti-Money Laundering and Combating the Financing of Terrorism and the Financing of Illegal Organizations provide guidelines for Financial Institutions (FIs) for their guidance and assistance. These guidelines consist of:
  1. Overview
  2. Identification and Assessment of ML/FT Risks
  3. Mitigation of ML/FT Risks
  4. AML/CFT Compliance Administration and Reporting

Overview of Guidelines

In UAE, Anti-Money Laundering & Combating the Financing of Terrorism and Illegal Organizations guidelines assist FIs in the effective performance of their statutory obligations under the legal and regulatory framework.   These Guidelines set out the minimum expectations regarding the factors that should be taken into consideration by each of the supervised financial institutions which fall under their respective jurisdictions, for identification, assessing and mitigating the risks of money laundering (ML), the financing of terrorism (FT), and the financing of illegal organizations.


  •     All financial institutions
  •     All members of their boards of directors
  •     All management and employees
Operating in the territory of the UAE and the respective Free Zones whether they are involved in any business activities outlined in Articles (2) and (3) of Cabinet Decision No. (10) of 2019. These guidelines also apply to all natural and legal persons in banks, finance & insurance companies, agencies & brokers and other financial institutions. 

Identification and Assessment of ML/FT Risks

Both AML-CFT provide that financial institutions employ a risk-based approach concerning the identification and assessment of ML/FT risks. Financial institutions are legally bound to understand which ML/FT risks they are exposed to and how they may be affected by those risks. Under ML/FT law in UAE, FIs continuously assess and update documents based on the various risk factors in the Implementing Regulation of this Decree-Law. FIs maintain data on risk identification and assessment analysis and provide data to the Supervisory Authority upon request. Moreover, the AML-CFT Decision imposes supervised institutions with documenting risk assessment operations, keeping them up to date on an ongoing basis and making them available upon request.

1.   Risk-Based Approach (RBA)

The below diagram explains the RBA process from an ML/TF business risk assessment and the reporting of suspicious transactions.

2.   Risk Assessment Methodology and Documentation

  •     Risk assessment methodology should be based on quantitative & qualitative data and information from internal meetings or interviews and internal questionnaires concerning risk identification and controls, and review of internal audit reports.
  •     For documentation FIs should take reasonable measures according to the size and nature of the businesses.

Mitigation of ML/FT Risks

AML-CFT Law and the AML-CFT Decision provide that FIs may utilize a risk-based approach for the mitigation of ML/FT risks.

Internal Policies, Controls and Procedures

The AML-CFT Law and the AML-CFT Decision require FIs to implement internal policies, controls and procedures that facilitate them to manage and mitigate the ML/FT risks they have identified in their ML/TF business risk assessment, in keeping with the nature and size of their businesses. These policies, controls and procedures must be approved and reviewed by senior management and must apply to all branches, subsidiaries and affiliated entities in which FIs hold a majority interest.

Customer Due Diligence (CDD)

The main elements of a customer due diligence program include:
  •     Customer Identification
  •     Profiles
  •     Customer Acceptance
  •     Risk rating
  •     Monitoring
  •     Investigation
  •     Documentation

AML/CFT Administration and Reporting

Suspicious Transaction Reporting

FIs are legally bound to report any suspicious transactions and related information, promptly to the Financial Intelligence Unit (FIU) under the UAE AML/CFT legal and regulatory framework. FIs are required to identify possible suspicious transactions by using update indicators. To fulfil these obligations, FIs should implement adequate internal policies, procedures and controls for the identification and immediate reporting of suspicious transactions.


Under AML-CFT Law any organization to be effective must be based on the foundation of governance structure and strong compliance culture.

Record Keeping

Under AML-CFT Law FIs are required to maintain all records, documents, all transactions data, all CDD measures records, account files & business correspondence, and all documents related with their ML/FT risk assessment and mitigation measures.

International Financial Sanctions

FIs are required to comply with the directives of the State’s Competent Authorities with the agreements and international agreements and conventions, including but not limited to Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorists Financing & Proliferation of Weapons of Mass Destruction, and Related. Resolutions.

Want AML/CFT Compliance Services in UAE?

Due to the regulatory framework of the UAE, every financial institution is obligated to stay compliant with AML/CFT laws. If you are looking for AML compliance services in UAE, ADEPTs are here to assist you. ADEPTs offer a range of services under AML/CFT Compliance Services in UAE including:
  •         AMP Policy and Procedures
  •         Risk Assessment and Risk Profiling 
  •         AML/CFT Health Check
  •         AML IT System
  •         Compliance services